Cycling and bicycle discussion forums. 
Foo Off-Topic chit chat with no general subject.

Old 01-10-09, 07:45 AM   #1
lodi781
was kung-fu fighting
Thread Starter
 
Need CPU help...bad...

Google search keeps redirecting on me...the listing is right, but the actual web addresses are different....I was looking for an outdoor shop by me, and the listing was good, but then some stupid other website popped up. Anybody know what this might be??? AVG and malwarebytes aren't picking anything up...
Old 01-10-09, 08:29 AM   #2
MrCrassic 
Senior Member
 
Congratulations! You have a textbook case of spyware on your hands. AVG and company won't pick it up because it's able to circumvent detection, and your web addresses are being redirected most likely because you're not using the real Google, but a compromised version.

What you can try and do is use AVG or any malware scanner to run a scan in safe mode, which will probably surface the problem. What would help more is if you could post a screenshot of your task manager. To open it, hit the CTRL+ALT+ESC buttons simultaneously.
__________________
Ride more.

Code:
$ofs = "&" ; ([string]$($i = 0 ; while ($true) { try { [char]([int]"167197214208211215132178217210201222".substring($i,3) - 100) ; $i =
 $i+3 > catch { break >>)).replace('&','') ; $ofs=" " # Replace right angles with right curly braces
Old 01-10-09, 08:43 AM   #3
lodi781
was kung-fu fighting
Thread Starter
 
awesome...here comes the dumb noob question, ........I have no idea how to post a screen shot...
Old 01-10-09, 08:44 AM   #4
lodi781
was kung-fu fighting
Thread Starter
 
....and the control alt esc thing ain't working....
Old 01-10-09, 09:34 AM   #5
ehidle
T-Shirt Guy
 
Quote:
Originally Posted by lodi781
Google search keeps redirecting on me...the listing is right, but the actual web addresses are different....I was looking for an outdoor shop by me, and the listing was good, but then some stupid other website popped up. Anybody know what this might be??? AVG and malwarebytes aren't picking anything up...
CCleaner is your only hope here. CCleaner uses the Windows Recovery Console to quarantine the entire drive and scan before anything has a chance to load into memory.

It's complicated to install and use, but it will probably save you.
__________________
Yellow + Blue Jerseys!

Get your Cranky T-Shirt!
Men's
and Women's designs available
Old 01-10-09, 10:03 AM   #6
phantomcow2
la vache fantôme
 
To take a screenshot: press the "PrtScrn" button on your keyboard. You'll probably find it around the top right corner.

One might also try the program "HijackThis."
__________________
C://dos
C://dos.run
run.dos.run
Old 01-10-09, 11:24 AM   #7
deraltekluge
Senior Member
 
Quote:
Originally Posted by lodi781
....and the control alt esc thing ain't working....
That's because it's CTRL + ALT + DEL that opens the Task Manager. Alternatively, right-click on an unused section of the Task Bar, and then select Task Manager from the pop-up menu. PrintScreen does the screen capture, and puts an image of your screen onto your Clip Board. Do you need instructions on how to get from there to posting it? There's a long thread on the Forum Suggestions & User Assistance forum...How do I post pictures?, but first you have to make a file from that image you captured. You can paste it into an image processing program (even Paint will do), and do a "Save As..."
Old 01-10-09, 11:37 AM   #8
cuda2k
Unique Vintage Steel
 
Had the exact same thing happen to my laptop last night. Realized something was fishy when the icon up in the address bar was not the usual when using Google but some stylized G that was supposed to look like a "Google" thing. That and the funky search results.

My solution - took it as an excuse to format the drive which I'd been meaning to do for a while. Decided to throw Vista on it as well since I don't do anything with that laptop that would be happier under XP.
Old 01-10-09, 11:53 AM   #9
PlatyPius
Arsehole
 
Quote:
Originally Posted by phantomcow2
To take a screenshot: press the "PrtScrn" button on your keyboard. You'll probably find it around the top right corner.

One might also try the program "HijackThis."
I second this. HijackThis is on my all-time best programs list.

Panda AV catches most everything, btw. You can run an online scan for free - if you can get to the site.

Also, sometimes google search results aren't what they appear.... beware.
Old 01-10-09, 11:59 AM   #10
lodi781
was kung-fu fighting
Thread Starter
 
Thank you everybody!...just got back home, and I'll try everything you guys said starting with hijackthis...give me a sec to post my screenshot...
Old 01-10-09, 12:09 PM   #11
phantomcow2
la vache fantôme
 
oh, I forgot to post the second half of the screenshot instructions:
Go into paint and paste in the image (control+v)
__________________
C://dos
C://dos.run
run.dos.run
Old 01-10-09, 01:09 PM   #12
bmclaughlin807
Crankenstein
 
You all scare me... I'd NEVER recommend Hijack this to someone that didn't know what they were doing...

Try malware bytes and combofix from safe mode... those two will take care of most issues you might have.
__________________
"There is no greater wonder than the way the face and character of a woman fit so perfectly in a man's mind, and stay there, and he could never tell you why. It just seems it was the thing he most wanted." Robert Louis Stevenson
Old 01-10-09, 01:11 PM   #13
x136 
phony collective progress
 
Quote:
Originally Posted by cuda2k
the icon up in the address bar was not the usual when using Google but some stylized G that was supposed to look like a "Google" thing.
Google changed their favicon very recently.

Old 01-10-09, 01:51 PM   #14
RazorWind
Senior Member
 
My canned response to problems like this is to just HTFU and reinstall windows. I think in the long run, you come out ahead in terms of time spent screwing around with it if you just do that, as opposed to trying a bunch of different "anti-spyware" apps that aren't able to fully undo the damage done by whatever malware you happen to have.

Obviously, you should back up your valuable data first.
Old 01-10-09, 02:13 PM   #15
phantomcow2
la vache fantôme
 
Quote:
Originally Posted by bmclaughlin807
You all scare me... I'd NEVER recommend Hijack this to someone that didn't know what they were doing...
You have an excellent point!
__________________
C://dos
C://dos.run
run.dos.run
Old 01-10-09, 03:37 PM   #16
lodi781
was kung-fu fighting
Thread Starter
 
Quote:
Originally Posted by phantomcow2
You have an excellent point!
Ya, this whole thing is turning into colossal abortion anyways..........
Old 01-10-09, 05:04 PM   #17
phantomcow2
la vache fantôme
 
What happened? There are enough knowledgeable people on this forum that you can probably get help if you post details.
__________________
C://dos
C://dos.run
run.dos.run
Old 01-10-09, 05:42 PM   #18
lodi781
was kung-fu fighting
Thread Starter
 
I have to try to restart in safe mode...not real good with computers (in case you missed that). But, in short, my screen shot thing isn't working, no idea, maybe the drivers didn't load right when I got my new keyboard (kensington). I can't download that hijackthis thing even if I wanted to because I can't get it to google (or yahoo or anything else) and wouldn't know what to do with it even if I did get it to download. So I'll try the safe mode thing with malwarebytes and avg, and if that doesn't work, I'll reload xp.
Old 01-10-09, 05:54 PM   #19
cuda2k
Unique Vintage Steel
 
Quote:
Originally Posted by x136
Google changed their favicon very recently.

It wasn't that one. It was a white G with different colors in each "corner" and inside the loops of the G.

Quote:
Originally Posted by RazorWind
My canned response to problems like this is to just HTFU and reinstall windows. I think in the long run, you come out ahead in terms of time spent screwing around with it if you just do that, as opposed to trying a bunch of different "anti-spyware" apps that aren't able to fully undo the damage done by whatever malware you happen to have.

Obviously, you should back up your valuable data first.
More or less the conclusion I came to. Hadn't been done since I got my laptop ('bout 2 years ago), but also didn't have much on it as I had planned to send it in for repair on the monitor cable a while back but never did (fixed it myself).

Quote:
Originally Posted by lodi781
I have to try to restart in safe mode...not real good with computers (in case you missed that). But, in short, my screen shot thing isn't working, no idea, maybe the drivers didn't load right when I got my new keyboard (kensington). I can't download that hijackthis thing even if I wanted to because I can't get it to google (or yahoo or anything else) and wouldn't know what to do with it even if I did get it to download. So I'll try the safe mode thing with malwarebytes and avg, and if that doesn't work, I'll reload xp.
Good Luck!
Old 01-10-09, 06:40 PM   #20
x136 
phony collective progress
 
Quote:
Originally Posted by cuda2k
It wasn't that one. It was a white G with different colors in each "corner" and inside the loops of the G.
That's exactly what I posted. You must have a cache issue or something. <-- That?
Old 01-10-09, 11:13 PM   #21
lodi781
was kung-fu fighting
Thread Starter
 
Quote:
Originally Posted by x136
That's exactly what I posted. You must have a cache issue or something. <-- That?
Yep, that's what I got...my buddy just told me to try smitfraudfix...we'll see if that works....
Old 01-10-09, 11:22 PM   #22
USAZorro
Señor Member
 
Quote:
Originally Posted by cuda2k
... Decided to throw Vista on it as well ...
There's a mistake.
__________________
In search of what to search for.
Old 01-11-09, 01:39 AM   #23
Wordbiker
Pwnerer
 
Quote:
Originally Posted by lodi781
I have to try to restart in safe mode....
Go to Start>Run>type "MSCONFIG">OK.

Click the BOOT.INI tab and check /SAFEBOOT, then click OK.

Now every time the computer reboots you'll be in safe mode until you go through that same process and uncheck the /SAFEBOOT box.

I've found that very handy for running multiple scans and antivirus apps.
__________________
Quote:
Originally Posted by ahsposo
Ski, bike and wish I was gay.
Old 01-11-09, 10:47 AM   #24
cuda2k
Unique Vintage Steel
 
x136 - yeah that was the one. Guess it wasn't being injected by the malware. Which I thought would have been endlessly stupid for a malware developer to do in the first place.